criticalCISA KEVCVE-2025-29635

D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

ProductDIR-823X
CVSS7.2
EPSS0.87239
UpdatedJuly 9, 2026

Quick answer

D-Link DIR-823X should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • 240126
  • 240802
  • -

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

CVE-2025-29635 affects D-Link DIR-823X devices and the vendor advisory identifies the product as end-of-life and end-of-service. Because supported firmware development has ended, the reliable fix is to retire and replace the router rather than depend on a future patch. If immediate replacement is not possible, reduce exposure while planning replacement by disabling remote administration, using the newest available firmware, and isolating the device.

  1. Identify all D-Link DIR-823X devices, hardware revisions, firmware versions, and whether any management interface is exposed to WAN or untrusted networks.
  2. Schedule replacement with a supported router or firewall platform; treat continued DIR-823X use as residual risk.
  3. Until replacement is complete, install the latest firmware available for the exact region and hardware revision if one exists.
  4. Disable WAN-side administration, UPnP, unnecessary port forwarding, cloud management, and any unused services.
  5. Set a unique strong administrator password and rotate Wi-Fi credentials where the device may have been exposed.
  6. Place the device behind a trusted upstream firewall or isolate it from sensitive internal networks.
  7. Monitor for unexpected DNS changes, port forwards, new users, configuration changes, or outbound traffic spikes.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm the affected DIR-823X device has been replaced, or document the accepted temporary risk and mitigation owner.
  • Verify remote administration and unnecessary services are disabled from the WAN side.
  • Scan from an external network and confirm no management interface is publicly reachable.
  • Review configuration backups for unauthorized changes before and after mitigation.
  • Run a Fixnx scan against public assets behind the router after replacement or isolation.

Related categories

Trusted references

FAQ

What is affected by CVE-2025-29635?

D-Link DIR-823X should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.